Cookies Policy
The website need some cookies and similar means to function. If you permit us, we will use those means to collect data on your visits for aggregated statistics to improve our service. Find out More
Accept Reject
  • Menu
Publications

Publications by João Soares Resende

2016

Digital Signatures Workflows in Alfresco

Authors
Sousa, PR; Faria, P; Correia, ME; Resende, JS; Antunes, L;

Publication
Electronic Government and the Information Systems Perspective - 5th International Conference, EGOVIS 2016, Porto, Portugal, September 5-8, 2016, Proceedings

Abstract
There are some obstacles, towards a paperless office. One of them is the collection of signatures, since nearly half of all documents are printed for the sole purpose of collecting them. Digital signatures can have the same legal evidential validity as handwritten signatures, provided they are based on certificates issued by accredited certification authorities and the associated private keys are stored on tamper proof token security devices like smart cards. In this article, we propose a platform for secure digital signature workflow management that integrates secure token based digital signatures with the Enterprise Content Management Alfresco, where each user can associate a set of smart cards to his account. The documents can then be signed with the citizen card or other smart card that has digital signatures capabilities. We have implemented an Alfresco module that allows us to explore several workflow techniques to implement real task secure digital signatures workflows, as people for example do when they pass a paper document between various departments to be signed. Since all users can see the current state of the documents being signed during the entire signage process, important security properties like system trust are preserved. We also describe an external validation web service, that provides a way for users to validate signed documents. The validation service then shows to the user important document security properties like timestamps, certificates attributes and highlights the document integrity in face of the digital signatures that have been collected in the workflows defined by our module in Alfresco. © Springer International Publishing Switzerland 2016.

2017

FOSTERING EFFICIENT LEARNING IN THE TECHNICAL FIELD OF ROBOTICS BY CHANGING THE AUTONOMOUS DRIVING COMPETITION OF THE PORTUGUESE ROBOTICS OPEN

Authors
Costa, V; Resende, J; Sousa, P; Sousa, A; Lau, N; Reis, L;

Publication
ICERI2017 Proceedings

Abstract

2018

Evaluating the Privacy Properties of Secure VoIP Metadata

Authors
Resende, JS; Sousa, PR; Antunes, L;

Publication
Trust, Privacy and Security in Digital Business - Lecture Notes in Computer Science

Abstract

2018

Enforcing Privacy and Security in Public Cloud Storage

Authors
Resende, JS; Martins, R; Antunes, L;

Publication
2018 16th Annual Conference on Privacy, Security and Trust (PST)

Abstract

2019

pTASC: trustable autonomous secure communications

Authors
Sousa, PR; Cirne, A; Resende, JS; Martins, R; Antunes, L;

Publication
Proceedings of the 20th International Conference on Distributed Computing and Networking, ICDCN 2019, Bangalore, India, January 04-07, 2019

Abstract

2019

Breaking MPC implementations through compression

Authors
Resende, JS; Sousa, PR; Martins, R; Antunes, L;

Publication
International Journal of Information Security

Abstract
There are many cryptographic protocols in the literature that are scientifically and mathematically sound. By extension, cryptography today seeks to respond to numerous properties of the communication process beyond confidentiality (secrecy), such as integrity, authenticity, and anonymity. In addition to the theoretical evidence, implementations must be equally secure. Due to the ever-increasing intrusion from governments and other groups, citizens are now seeking alternatives ways of communication that do not leak information. In this paper, we analyze multiparty computation (MPC), which is a sub-field of cryptography with the goal of creating methods for parties to jointly compute a function over their inputs while keeping those inputs private. This is a very useful method that can be used, for example, to carry out computations on anonymous data without having to leak that data. Thus, due to the importance of confidentiality in this type of technique, we analyze active and passive attacks using complexity measures (compression and entropy). We start by obtaining network traces and syscalls, then we analyze them using compression and entropy techniques. Finally, we cluster the traces and syscalls using standard clustering techniques. This approach does not need any deep specific knowledge of the implementations being analyzed. This paper presents a security analysis for four MPC frameworks, where three were identified as insecure. These insecure libraries leak information about the inputs provided by each party of the communication. Additionally, we have detected, through a careful analysis of its source code, that SPDZ-2’s secret sharing schema always produces the same results. © 2019, Springer-Verlag GmbH Germany, part of Springer Nature.

  • 1
  • 2